CloudJumper Blog

Atlanta Held Hostage By Ransomware – Do You Have The Same Vulnerability?


A ransomware attack has left Atlanta officials with no choice but to shut down their municipal courts while they determine the best course of action. If they had CloudJumper on their side, this never would have happened.  

In late March, the city of Atlanta’s IT systems were hit by a ransomware attack that is still affecting them today. Described by Atlanta Mayor Keisha Lance Bottoms as a “hostage situation,” the ransomware attack has crippled their municipal court’s IT systems and is preventing residents from paying bills online. The cybercriminals have demanded a ransom of $51,000 to be paid in bitcoin.

Since the ransomware was first discovered, the city officials, along with members of various law enforcement agencies such as the FBI and Department of Homeland Security, have been working hard to determine what type of information was compromised and whether it could affect citizens directly.

The SamSam malware in question hunts for critical files and uses AES 256-bit encryption to lock them up, offering a key to decrypt them only if a bitcoin ransom is paid. If the victim doesn’t pay, the attackers erase all the data.

What makes SamSam different from other big-name ransomware variants like WannaCry is the way its attacks develop. SamSam scans for open ports and uses a brute-force attack until it gets in. A brute-force attack means that the attackers repeatedly try credentials against the port until one works. In other words, SamSam takes the time to guess passwords and succeeds only when the passwords are simple, weak, short, and so on.
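The guessing pattern described above leaves a recognizable trail in authentication logs: a burst of failures from one source, sometimes ending in a success. The following detection sketch is an added example, not part of the original post; the log format, the sample lines, the threshold and the window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: "<ISO time> <FAIL|OK> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-01-15T02:00:01 FAIL user=admin src=203.0.113.7
2024-01-15T02:00:03 FAIL user=admin src=203.0.113.7
2024-01-15T02:00:05 FAIL user=backup src=203.0.113.7
2024-01-15T02:00:07 FAIL user=admin src=203.0.113.7
2024-01-15T02:00:09 FAIL user=admin src=203.0.113.7
2024-01-15T02:00:11 FAIL user=admin src=203.0.113.7
2024-01-15T02:00:13 OK user=admin src=203.0.113.7
2024-01-15T08:15:10 FAIL user=jsmith src=198.51.100.20
2024-01-15T08:15:25 OK user=jsmith src=198.51.100.20
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source address)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return (kind, src, user, time) alerts for time-ordered log lines."""
    recent = defaultdict(deque)   # src -> failure times still inside the window
    flagged = set()               # sources that already crossed the threshold
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, result, user, src = parse(line)
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that aged out of the window
        if result == "FAIL":
            failures.append(ts)
            if len(failures) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("guessing", src, user, ts))
        elif result == "OK" and src in flagged:
            # A login from a source that was just guessing is the urgent case:
            # treat the account as compromised and reset its credentials.
            alerts.append(("success_after_guessing", src, user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

A single mistyped password followed by a successful login, as in the second source of the sample, raises no alert; only the burst from one address does.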

The ransom note left by hackers said that refusing to pay the $51,000 would result in deletion of all the information. This particular group of hackers has successfully collected $850,000 since last year.

This wasn’t the first time SamSam paralyzed a government – it also infected offices in Colorado, North Carolina, Alabama and Maryland. Governments’ operations are mission-critical, so hackers like these know that governments often pay the ransom.

What about your business? Could you wait more than a week after a ransomware attack to start turning your computers back on? How long could you hold out before the loss of business and downtime would cause permanent damage to your bottom line?

Ransomware has quickly become one of the biggest cyber threats to businesses today, especially given the recent WannaCry epidemic that infected hundreds of thousands of IT systems in more than 150 countries. This kind of malware presents serious data integrity and financial concerns for affected businesses. It works by tricking a user into opening an executable file (either as an email attachment or downloaded from a webpage linked in an email) which then encrypts the victim’s files and holds them for ransom.

That’s why our solution, Cloud Workspace®, is so effective in mitigating the effects of ransomware. In the case of SamSam, End Users would never even have the option of using a weak password for their account. Our platforms require complex passwords that are updated on a regular basis. We also offer simple integration with (highly recommended) Multi-Factor Authentication services to ensure that a password, no matter how complex, isn’t enough to access an account on its own.

Furthermore, through robust administrator controls, you can ensure that users don’t have the option to open an executable file (either through a phishing email, link or otherwise).

However, in the unlikely event that ransomware has already penetrated the system, we have a solution ready for that as well, ensuring that no one needs to consider paying a ransom to cybercriminals. While we of course always seek to ensure that our customers are never in a situation where they would need to deploy their disaster recovery plan, we make sure to plan for every outcome all the same.

Should the need arise, managing your End Customers’ computing in a Cloud Workspace® environment inherently comes with disaster recovery. We can restore the environment back to a time just prior to the infiltration, saving the injured party $50,000 or more and restoring full control to their network.

In the end, the real value in partnering with us is that you don’t have to worry, and neither do your End Customers. The fact is that this isn’t the only time ransomware is going to strike on this large a scale – when it happens again, and you get panicked calls from your End Customers, wouldn’t you like to tell them they have nothing to worry about?

With CloudJumper, you can.

Don’t wait until a ransomware attack locks up your End Customers’ data. Partner with CloudJumper by contacting us at hello@cloudjumper.com or (844) 645-6789 to get started with our Cloud Workspace® solution.
